Answer :
2. Go to Logs and open the relevant logs depending on the event that triggered the alert
(monitor/script/patching), then open the details to see what is causing the failure.
3. Investigate the issue and, if you find a solution, close the ticket by entering the resolution. If,
however, you can't find a solution, leave the ticket open and consult with colleagues.
Answer :
After a Malware detected ticket is raised, you should open the ticket to check the malware info
(Malware detected: C:\Users\xx\Downloads\DriverSupport.exe,
ApplicUnwnt@#3a59mgh5ba3as, Detect).
Go to Applications --> Endpoint Manager --> Security Sub-Systems --> Antivirus and open the
Quarantined Files tab, then find and open the malware info.
Click on Analyze New File and paste the malware hash value into the dedicated field. Run Search.
Clean - In Applications --> Endpoint Manager --> Security Sub-Systems --> Antivirus open the
Quarantined Files tab, click on Restore File(s) on Devices to restore the file on the client's device,
rate the file with Rate as Trusted and close the ticket with an appropriate comment about the
performed actions and the Valkyrie report results.
PUA (Potentially Unwanted Application) - In Applications --> Endpoint Manager --> Security
Sub-Systems --> Antivirus open the Quarantined Files tab, click on Delete File(s) from Device to
delete the file from the client's device, rate the file with Rate as Unrecognized and close the ticket
with an appropriate comment about the performed actions and the Valkyrie report results. The
decision for certain PUA applications can be changed based on client complaints.
Malware - In Applications --> Endpoint Manager --> Security Sub-Systems --> Antivirus open the
Quarantined Files tab, click on Delete File(s) from Device to delete the file from the client's device
and rate the file with Rate as Malicious. Open the Device List tab, find and open the client's device
and run Scan --> Antivirus Quick Scan. Close the ticket with an appropriate comment about the
performed actions and the Valkyrie report results.
Answer :
3. Go to Logs-->Script Logs and find Cybercillin - 5 top CPU/RAM consuming processes with
launch type Auto Remediation that ran at the same time as the previous monitor log. Open
Details and look at the top 5 processes that are consuming CPU/RAM on the customer's device.
4. If necessary, run the procedure one more time by selecting Run Procedure on the device and
entering the procedure's name (Cybercillin - 5 top CPU/RAM consuming processes). After the
procedure finishes, look at the details again.
5. Look for unknown processes and search for data about them on the internet. Use
https://valkyrie.comodo.com, https://www.virustotal.com/en/ and other available resources.
6. There can be different solutions for such an issue. These are some of them:
The customer may have another anti-virus software installed on the device that conflicts with
Comodo Client Security and causes these performance issues. If so, contact the customer's
preferred contact via the Cybercillin SOC official email and advise them to uninstall the existing
non-Comodo anti-virus software from the device. Close the ticket and enter the resolution
activities you have performed.
The customer's device may have been infected with malware that is not recognized by the
Comodo Client Security engine. Treat the process as possible malware and follow the procedure
for malware detection.
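Added example (not the Cybercillin procedure's own script, whose contents are not shown here): a PowerShell sketch of the check described in steps 3 to 5, listing the top 5 processes by CPU and by RAM and adding each executable's SHA-256 and signature status so unknown processes can be looked up by hash. The function name Get-TopProcessTriage and the output column names are assumptions made for this illustration.

```powershell
# Added illustration: local triage helper, not the Endpoint Manager procedure itself.
# Get-TopProcessTriage is a hypothetical name chosen for this example.
function Get-TopProcessTriage {
    param(
        [int]$Top = 5   # matches the "5 top CPU/RAM consuming processes" in the procedure name
    )

    $all = Get-Process

    # CPU is cumulative processor seconds since the process started (not a live percentage);
    # WorkingSet64 is the resident memory in bytes.
    $byCpu = @($all | Sort-Object -Property CPU -Descending | Select-Object -First $Top)
    $byRam = @($all | Sort-Object -Property WorkingSet64 -Descending | Select-Object -First $Top)

    # A process can appear in both lists; keep one row per process ID.
    $candidates = ($byCpu + $byRam) | Sort-Object -Property Id -Unique

    foreach ($p in $candidates) {
        $path = $null; $hash = $null; $sig = $null

        # Path is often unreadable for protected/system processes without elevation.
        try { $path = $p.Path } catch { }

        if ($path -and (Test-Path -LiteralPath $path)) {
            # The SHA-256 is the value to search for on Valkyrie or VirusTotal.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            # Unsigned or invalidly signed binaries deserve a closer look first.
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue).Status
        }

        [pscustomobject]@{
            Name       = $p.ProcessName
            Id         = $p.Id
            CpuSeconds = [math]::Round([double]$p.CPU, 1)
            RamMB      = [math]::Round($p.WorkingSet64 / 1MB, 1)
            InTopCpu   = $byCpu.Id -contains $p.Id
            InTopRam   = $byRam.Id -contains $p.Id
            Path       = $path
            SHA256     = $hash
            Signature  = $sig
        }
    }
}

# Example run on the device under investigation:
Get-TopProcessTriage | Sort-Object -Property RamMB -Descending | Format-Table -AutoSize
```

Rows with an empty Path usually mean the shell was not elevated; rerun as administrator before treating a process as unknown.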
Question : How should I enroll a customer's devices when Customer is selected as preferred
contact in the request?
Answer :
When you receive an email request for customer provisioning in the Service Desk app in which
Customer is selected as preferred contact, you should do the following:
4. After the user is created, check the user and click on the Enroll Device button to create the
enrollment email. The Please choose the device owner(s) field should contain Customer name
(Partner/Franchise name) (e.g. Transact Group (Cybercillin St George)); if it does not, check
whether the user you selected is the correct one. Finally, click on the Email enrollment
instructions button, after which you will receive an email with enrollment instructions. Copy the
link Click this link to enroll your device. You will have to paste it in the ticket reply.
6. Go to Applications-->Service Desk-->Tickets and click on New Ticket. In the Search User field
enter the first letters of the customer's email and select the correct email. Go to the Ticket
Information & Options section and in the Ticket Source field choose Email, under Category choose
Enrollment of Devices, in the Ticket Details section enter Enrollment of devices as Issue summary
and the same in the description box, then click to open the ticket.
Question : What should I do when a CRITICAL ERROR report from Datto Backup arrives?
Answer :
1. Open the Datto portal and click on the DEVICE WEB icon to remotely connect to the local
storage device.
2. Go to the PROTECT tab and click on Show Backup Logs to see the logs that contain information
about the error that occurred.
3. Search for an explanation of the error by clicking on GET MORE INFO on the red Backup Error bar.
4. If you can't find the solution, raise a ticket to Datto support by clicking on Support-->Support
ticket on the Datto portal. A new page, Datto Knowledge Base, will open.
5. Click on SUBMIT A REQUEST and fill out the requested info. Choose Datto Technical Support,
enter the soc@cybercillin.com email address in the CC field, write a subject and a description of
the situation and choose email as the preferred method of contact. You will find the device serial
number on the Datto Portal's Backup status tab under the device name.
6. After you resolve the issue, write the solution in the Shift report so it can be entered in the C1
knowledge base.